Principles of keeping data safe

Preventing loss and corruption

Files can be lost accidentally in many different ways. Even if they are not lost completely, they can occasionally become corrupted. If a file is severely corrupted it may be unusable, but even subtle corruption may introduce errors which go unnoticed while affecting the outcome of your research.

Things to think about

  • Regular backups: (ideally automated) to several different locations will ensure that if one copy is lost or corrupt, you can easily get it back. When deciding how often to back up, think about the maximum number of days' work you would be prepared to lose. This is why we would recommend using your Research Drive. This is a hybrid, local/cloud, storage solution from Microsoft called StorSimple.  This consists of a storage device located in a secure data centre on the Stirling campus which is linked to unlimited cloud storage hosted in Microsoft data centres in Dublin and Amsterdam (with real-time replication of data between the two).  Data is initially written to the local storage device but moved transparently to the cloud based on frequency of access by the users.  Data is encrypted at rest on both local and cloud storage, and at all times whist in transit.  Only the University have access to the encryption keys.  Microsoft are responsible for ensuring that the data in their data centres is always available.  Backup of the local device is done by the University.  Snapshots are taken every evening to cloud storage in Microsoft Azure.  Daily snapshots are retained for 28 days and weekly snapshots are retained for 26 weeks.
  • Non-digital data: If you have data which is not kept on computer, you should make sure that is protected too.

Controlling access

In many cases, you may wish to restrict access to your data to a specific list of individuals. This might be because it is commercially sensitive to your or an industrial partner, or includes sensitive personal information covered by the Data Protection Act or they are your collaborators.

This is possible by sharing project folders on your Research Drive - see information on "Shared project folders for Stirling staff" or  "Shared project folders for external researchers"

Research data should not be held exclusively on any local storage media, e.g., a pen drive as these can be easily misplaced

Things to think about

  • Legal requirements: You may be under legal and/or contractual obligations to protect your data. If you're not sure, you can discuss this with the university's legal office, who can give you advice on your collaboration or consortium agreements and laws such as the Data Protection Act.
  • Use of secure systems: One way to restrict access is to use a password-protected system, as above. Commercial services such as Drobox may be convenient, but are unlikely to provide sufficient protection against unauthorised access.
  • Secure passwords: Passwords are often the weak link in any secure system. Make sure you choose passwords that are long and difficult to guess. Writing them down is OK, as long as you protect your written-down password very well, just like you would with your house or car keys.
  • Encryption: You will sometimes need to send data to people who don't have access to your secure storage system. Encrypting a file before you send it via insecure means (e.g. email) ensures that the contents can only be read by someone who has the key.

See the IS Security page for further help and advice, in particular the section on Protecting Your Data.


See the University's IT Use Policy, particularly Section 3.4 Ensuring Security

 

You will also find the information on security, mobile devices and data protection from JISCLegal a useful reference, http://www.jisclegal.ac.uk/ManageContent/ViewDetail/ID/2326/Security-Mobile-Devices-and-Data-Protection.aspx.

 

Ensuring usability

An often-overlooked aspect of data safety is ensuring that it remains usable. Students and staff arrive and leave on a regular basis, and often it can seem easier to repeat a whole set of expensive experiments rather than try to understand data left behind by researchers who have left the university.

Things to think about

  • Documenting as you work In some research domains, software can be used in such a way that software command files themselves become an important part of the research data and documentation. Ideally, a researcher should train themselves to conduct their activities in such a way that the tasks they perform are recorded clearly in relevant software files, in a manner that will enable replication by others. This practice is widely recognised, for example, in the context of using statistical analysis software, where researchers are generally encouraged to store textual 'command files' (often called 'syntax files', 'do files' or 'scripts') for this purpose. 

  • Documenting data: Record information about the structure and format of your data and the process you went through to obtain it. In some cases this can be stored in the data files themselves; if not, it can be stored in a "read me" document in the same folder as the data.

  • Using standards: Be aware of standard file formats and standard nomenclature (such as letters used for variables) used in your field. Consider using files in open formats so that they can be read by a variety of software.
© University of Stirling FK9 4LA Scotland UK • Telephone +44 1786 473171 • Scottish Charity No SC011159
Portal Logon